Security analysis of mandatory access control model

Mandatory access control (MAC) model is an important security model. Based on the lattice model of security level and Bell-LaPadula model the definition of MAC security model is formally described in detail. The equivalent MAC security model described by colored Petri nets (CPN) is proposed. According to the state reachability graph, four security properties of MAC security model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security model is illustrated and the conclusions show that the security model based on Petri nets is not only a concise graphic analysis method, but also suited to be formally verified. This model can efficiently improve the whole security policies during the system security design and implementation.

[1]  Konstantin Knorr,et al.  Security Requirements of E-Business Processes , 2001, I3E.

[2]  Kurt Jensen,et al.  Colored Petri nets (vol. 3) , 1997 .

[3]  D. Marc A Petri net representation of the Take-Grant model , 1993 .

[4]  Gang Chen,et al.  Petri-net-based context-related access control in workflow environment , 2002, The 7th International Conference on Computer Supported Cooperative Work in Design.

[5]  Leonard J. LaPadula,et al.  MITRE technical report 2547, volume II , 1996 .

[6]  Vijay Varadharajan,et al.  Petri net based modelling of information flow security requirements , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[7]  Rüdiger Valk,et al.  Petri nets for systems engineering - a guide to modeling, verification, and applications , 2010 .

[8]  Konstantin Knorr,et al.  Dynamic access control through Petri net workflows , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[9]  David A. Bell,et al.  The Bell-LaPadula Model , 1996 .